ISO 27001:2013 may be used as the basis for ISMS implementation. It specifies the requirements for the design, implementation, operation, monitoring, analysis, maintenance and improvement of documented ISMS in the course of an organisation’s general business processes. ISO 27002:2013 may also be applied, as it contains a set of practical guidelines for ISMS building based on best practices and experience in this area. In addition, the requirements of these standards can also serve as a basis for ISMS assessment.